What Is Claimed Is:

1. A method for operating a key distribution center (KDC) that provides keys to facilitate secure communications between clients and servers across a computer network, wherein the KDC operates without having to store long-term server secrets, comprising:
receiving a communication that is authenticated from a server at the KDC;
wherein the communication includes a temporary secret key to be used in communications with the server for a limited time period; and
storing the temporary secret key at the KDC, so that the temporary secret key can be subsequently used to facilitate communications between a client and the server.

2. The method of claim 1, wherein upon subsequently receiving a request from the client at the KDC to communicate with the server, the method further comprises facilitating communications between the client and the server by:
producing a session key to be used in communications between the client and server;
creating a ticket to the server by encrypting an identifier for the client and the session key with the temporary secret key for the server; and
assembling a message that includes the identifier for the server, the session key and the ticket to the server; and
sending the message to the client in a secure manner; and
allowing the client to forward the ticket to the server in order to initiate communications between the client and the server.
3. The method of claim 2, wherein upon receiving the ticket from the client at the server, the method further comprises:
decrypting the ticket at the server using the temporary secret key to restore the session key and the identifier for the client; and
using the session key at the server to protect subsequent communications between the server and the client.

4. The method of claim 2, wherein assembling the message involves including an expiration time for the session key in the message.

5. The method of claim 2, wherein allowing the client to forward the ticket to the server includes allowing the client to forward an identifier for the temporary secret key to the server, so that the server can know which temporary secret key to use in decrypting the ticket.

6. The method of claim 2, wherein sending the message to the client in the secure manner involves encrypting the message with a second session key that was previously communicated to the client by the KDC.

7. The method of claim 2, further comprising alternatively creating the ticket to the server by encrypting the identifier for the client and the session key with one of:
a public key for the server; and
a secret key for the server previously agreed upon between the server and the KDC and stored at the KDC.
8. The method of claim 1, wherein receiving the communication from the server involves authenticating the server.

9. The method of claim 8, wherein authenticating the server involves using authentication information pertaining to the server, the authentication information including a certificate chain from a trust anchor to the server, and including a server public key that is associated with a server private key to form a public key-private key pair associated with the server.

10. The method of claim 8, wherein authenticating the server involves authenticating the server without having prior configuration information pertaining to the server at the KDC.

11. The method of claim 8, wherein authenticating the server includes using a server public key that is stored locally in the KDC.

12. The method of claim 1, wherein the temporary secret key is encrypted with a public key belonging to the KDC, so that the temporary secret key can only be decrypted using a private key belonging to the KDC.

13. The method of claim 1, wherein the communication is signed with a server private key so that the KDC can use a corresponding server public key to verify that the communication was sent by the server.

14. The method of claim 1, wherein the communication is received in response to a request being sent by the KDC to the server indicating that the temporary secret key is needed from the server.
15. The method of claim 1, further comprising communicating information to the server that enables the server to authenticate the KDC.

16. The method of claim 1, wherein the KDC operates in accordance with the Kerberos standard.

17. The method of claim 1, wherein the communication received from the server additionally includes an identifier for the server.

18. The method of claim 1, further comprising propagating the temporary secret key to multiple KDCs.
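
The registration-and-ticket flow of claims 1 through 7, as an added illustration that is not part of the patent: the server generates a short-lived key and hands it, with an identifier and expiry, to the KDC; the KDC keeps only that temporary key, seals the client identifier and a fresh session key into a ticket under it, and returns the ticket to the client under the second session key it already shares with the client. Assumptions: `seal`/`unseal` are a toy HMAC-based encrypt-then-MAC standing in for a real cipher, the server's public-key authentication to the KDC (claims 8 through 13) is taken as already done before `register` is called, and all names and sample values are constructed.

```python
import hashlib, hmac, json, secrets

def _stream(key, nonce, n):   # HMAC-SHA256 as a PRF keystream: a toy stand-in for a real AEAD cipher
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]
def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce(16) || ciphertext || tag(32)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()
def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch: wrong key or tampered ticket")
    return bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct))))

class Server:   # owns the temporary keys; its long-term secret is never handed to the KDC (claim 1)
    def __init__(self, name): self.name, self.temp_keys = name, {}   # key_id -> (key, expires)
    def new_temp_key(self, now, lifetime=3600):       # material the server sends to the KDC (claims 1, 7)
        key_id, key = secrets.token_hex(4), secrets.token_bytes(32)
        self.temp_keys[key_id] = (key, now + lifetime)
        return key_id, key, now + lifetime
    def accept_ticket(self, key_id, ticket, now):     # claims 3 and 5
        key, expires = self.temp_keys[key_id]         # key_id tells the server which temporary key to use
        if now >= expires: raise ValueError("temporary key expired")
        body = json.loads(unseal(key, ticket))
        return body["client"], bytes.fromhex(body["session_key"])

class KDC:   # stores only temporary server keys, so a KDC compromise exposes nothing long-lived
    def __init__(self): self.temp_keys = {}           # server -> (key_id, key, expires)
    def register(self, server, key_id, key, expires): # claim 1; server authentication (claims 8-13) assumed done
        self.temp_keys[server] = (key_id, key, expires)
    def issue(self, client, server, client_key, now): # claims 2, 4 and 6
        key_id, key, expires = self.temp_keys[server]
        if now >= expires: raise ValueError("no valid temporary key for server")
        session_key = secrets.token_bytes(32)
        ticket = seal(key, json.dumps({"client": client, "session_key": session_key.hex()}).encode())
        msg = {"server": server, "session_key": session_key.hex(), "expires": expires,
               "key_id": key_id, "ticket": ticket.hex()}
        return seal(client_key, json.dumps(msg).encode())   # protected by the client's earlier session key

def run_exchange(now=1_000_000, delay=0):   # returns (client id the server saw, both sides hold same session key)
    kdc, srv = KDC(), Server("fileserver")
    kdc.register(srv.name, *srv.new_temp_key(now))
    client_key = secrets.token_bytes(32)   # constructed: the second session key the KDC shared with the client
    msg = json.loads(unseal(client_key, kdc.issue("alice", srv.name, client_key, now)))
    client, skey = srv.accept_ticket(msg["key_id"], bytes.fromhex(msg["ticket"]), now + delay)
    return client, skey == bytes.fromhex(msg["session_key"])
```

Calling `run_exchange(delay=7200)` presents the ticket after the temporary key's lifetime and the server refuses it, which is the limited-validity property the claims rely on.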

19. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for operating a key distribution center (KDC) that provides keys to facilitate secure communications between clients and servers across a computer network, wherein the KDC operates without having to store long-term server secrets, the method comprising:
receiving a communication that is authenticated from a server at the KDC;
wherein the communication includes a temporary secret key to be used in communications with the server for a limited time period; and
storing the temporary secret key at the KDC, so that the temporary secret key can be subsequently used to facilitate communications between a client and the server.
20. The computer-readable storage medium of claim 19, wherein upon subsequently receiving a request from the client at the KDC to communicate with the server, the method further comprises facilitating communications between the client and the server by:
producing a session key to be used in communications between the client and server;
creating a ticket to the server by encrypting an identifier for the client and the session key with the temporary secret key for the server; and
assembling a message that includes the identifier for the server, the session key and the ticket to the server; and
sending the message to the client in a secure manner; and
allowing the client to forward the ticket to the server in order to initiate communications between the client and the server.

21. The computer-readable storage medium of claim 20, wherein upon receiving the ticket from the client at the server, the method further comprises:
decrypting the ticket at the server using the temporary secret key to restore the session key and the identifier for the client; and
using the session key at the server to protect subsequent communications between the server and the client.

22. The computer-readable storage medium of claim 20, wherein assembling the message involves including an expiration time for the session key in the message.

23. The computer-readable storage medium of claim 20, wherein allowing the client to forward the ticket to the server includes allowing the client to forward an identifier for the temporary secret key to the server, so that the server can know which temporary secret key to use in decrypting the ticket.

24. The computer-readable storage medium of claim 20, wherein sending the message to the client in the secure manner involves encrypting the message with a second session key that was previously communicated to the client by the KDC.

25. The computer-readable storage medium of claim 20, wherein the method further comprises alternatively creating the ticket to the server by encrypting the identifier for the client and the session key with one of:
a public key for the server; and
a secret key for the server previously agreed upon between the server and the KDC and stored at the KDC.

26. The computer-readable storage medium of claim 19, wherein receiving the communication from the server involves authenticating the server.

27. The computer-readable storage medium of claim 26, wherein authenticating the server involves using authentication information pertaining to the server, the authentication information including a certificate chain from a trust anchor to the server, and including a server public key that is associated with a server private key to form a public key-private key pair associated with the server.

28. The computer-readable storage medium of claim 26, wherein authenticating the server involves authenticating the server without having prior configuration information pertaining to the server at the KDC.

Attorney Docket No. SUN-P5343-RSH Inventor(s): Perlman, et al.

29. The computer-readable storage medium of claim 26, wherein authenticating the server includes using a server public key that is stored locally in the KDC.

30. The computer-readable storage medium of claim 19, wherein the temporary secret key is encrypted with a public key belonging to the KDC, so that the temporary secret key can only be decrypted using a private key belonging to the KDC.

31. The computer-readable storage medium of claim 19, wherein the communication is signed with a server private key so that the KDC can use a corresponding server public key to verify that the communication was sent by the server.

32. The computer-readable storage medium of claim 19, wherein the communication is received in response to a request being sent by the KDC to the server indicating that the temporary secret key is needed from the server.

33. The computer-readable storage medium of claim 19, wherein the method further comprises communicating information to the server that enables the server to authenticate the KDC.

34. The computer-readable storage medium of claim 19, wherein the KDC operates in accordance with the Kerberos standard.
35. The computer-readable storage medium of claim 19, wherein the communication received from the server additionally includes an identifier for the server.

36. The computer-readable storage medium of claim 19, wherein the method further comprises propagating the temporary secret key to multiple KDCs.

37. An apparatus that provides keys to facilitate secure communications between clients and servers across a computer network, wherein the apparatus operates without having to store long-term server secrets, comprising:
a key distribution center (KDC);
a receiving mechanism within the KDC that is configured to receive a communication from a server;
wherein the communication includes a temporary secret key to be used in communications with the server for a limited time period; and
a storage mechanism within the KDC that is configured to store the temporary secret key at the KDC, so that the temporary secret key can be subsequently used to facilitate communications between a client and the server.

38. The apparatus of claim 37, further comprising a communication facilitation mechanism within the KDC, wherein upon receiving a request from the client to communicate with the server, the communication facilitation mechanism is configured to:
produce a session key to be used in communications between the client and server;
create a ticket to the server by encrypting an identifier for the client and the session key with the temporary secret key for the server;
assemble a message that includes the identifier for the server, the session key and the ticket to the server;
send the message to the client in a secure manner; and to
allow the client to forward the ticket to the server in order to initiate communications between the client and the server.

39. The apparatus of claim 38, further comprising a mechanism within the server that is configured to:
decrypt the ticket received from the client using the temporary secret key to restore the session key and the identifier for the client; and to
use the session key to protect subsequent communications between the server and the client.

40. The apparatus of claim 38, wherein the communication facilitation mechanism is configured to include an expiration time for the session key in the message.

41. The apparatus of claim 38, wherein the client is configured to additionally forward an identifier for the temporary secret key to the server, so that the server can know which temporary secret key to use in decrypting the ticket.

42. The apparatus of claim 38, wherein in sending the message to the client in the secure manner, the communication facilitation mechanism is configured to encrypt the message with a second session key that was previously communicated to the client by the KDC.
43. The apparatus of claim 38, wherein the communication facilitation mechanism is configured to alternatively create the ticket to the server by encrypting the identifier for the client and the session key with one of:
a public key for the server; and
a secret key for the server previously agreed upon between the server and the KDC and stored at the KDC.

44. The computer-readable storage medium of claim 37, further comprising an authentication mechanism that is configured to authenticate the server.

45. The apparatus of claim 44, wherein in authenticating the server, the authentication mechanism is configured to use authentication information pertaining to the server, the authentication information including a certificate chain from a trust anchor to the server, and including a server public key that is associated with a server private key to form a public key-private key pair associated with the server.

46. The apparatus of claim 44, wherein in authenticating the server the authentication mechanism is configured to operate without having prior configuration information pertaining to the server at the KDC.

47. The apparatus of claim 44, wherein in authenticating the server, the authentication mechanism is configured to use a server public key that is stored locally in the KDC.
48. The apparatus of claim 37, wherein the temporary secret key is encrypted with a public key belonging to the KDC, so that the temporary secret key can only be decrypted using a private key belonging to the KDC.

49. The apparatus of claim 37, wherein the communication is signed with a server private key so that the KDC can use a corresponding server public key to verify that the communication was sent by the server.

50. The apparatus of claim 37, further comprising a requesting mechanism within the KDC that is configured to send a request to the server indicating that the temporary secret key is needed from the server.

51. The apparatus of claim 37, further comprising a sending mechanism that is configured to send information to the server that enables the server to authenticate the KDC.

52. The apparatus of claim 37, wherein the KDC is configured to operate in accordance with the Kerberos standard.

53. The apparatus of claim 37, wherein the communication received from the server additionally includes an identifier for the server.

54. The apparatus of claim 37, wherein the storage mechanism is additionally configured to communicate the temporary secret key to multiple KDCs.